Is Pokemon GO putting your Google account at risk?

If you haven’t heard about Pokemon GO by now, you’ve probably been living under a rock. The latest game from Nintendo/Niantic is such a huge success that after its release, Nintendo’s stock increased by 25%, technically increasing the perceived value of the company by 7 billion dollars. In other words one could claim that a fifth of the company’s value today depends on the success of Pokemon Go.

I’ve tried the game on a friend’s phone, from what I can tell this is pretty much like Niantic’s Ingress, except using a much, much more popular franchise that everyone loves, so there’s no question it will be a massive hit. It was fun seeing that a place very close to my office is one of those PokeStops, and having my colleague leverage that to get free stuff. Honestly it’s a brilliant use of AR.

It’s not all great though. A big security issue was raised earlier today by Adam Reeve, a Principal Engineer at security firm RedOwl. Adam Says that when you sign into Pokemon Go on iOS with a Google Account (which the majority of people will be doing since the alternative is to use a pokemon.com account), the application is requesting full access to your account, specifically:

When you grant full account access, the application can see and modify nearly all information in your Google Account (but it can’t change your password, delete your account, or pay with Google Wallet on your behalf).

Certain Google applications may be listed under full account access. For example, you might see that the Google Maps application you downloaded for your iPhone has full account access.

This “Full account access” privilege should only be granted to applications you fully trust, and which are installed on your personal computer, phone, or tablet.

Ironically enough, the issue seems to only affect iOS users, not Android. Adam Reeve also indicates that for some unknown reason, not all accounts are impacted by the problem.

Given how many users have jumped on the app since its release, this could become a massive problem. The problem is less with how Nintendo/Niantic would use this powerful access, rather than how a third party could compromise the app somehow and get access to all of your data.

Adam Reeve’s statement is bold: Pokemon Go is a huge security risk.

Mainstream news media have tried to contact Niantic who haven’t replied yet about this issue.

One very possible outcome is that can someone reverse engineer the app in such a way to access all your info and sent them to a third party server. It is not uncommon for examble a hacker to use a phony update for this app and then go to a public place, replace the WIfI signal of a public access point and trick the app to think there is an update for it, thus injecting malicious code to an app that you yourself gave full access to your private data. Of course the authors of this app will tell you “that this isn’t such a problem, if you change your password quickly”, but the hacker will already have what he wanted, personal info to build a file in order to have a better understanding of your password preferences.

Yeah, I’ve always disliked the idea of giving not only my email address, but any associated information. My solution is to fragment my email. I use different emails for different purposes. Whenever possible I use a login through the service rather than a login through my email.

No I haven’t tried Pokémon Go. I think it’d make me look like an idiot, if everyone else I’ve seen playing it is anything to go by. Pokémon X & Y on the 3DS does just fine. Though if I were to try it, I have both an Android smartphone and a couple of Gmail accounts I use as a spam/burner sign ups catcher so I wouldn’t be worried, no credit cards or real personal details, all fake names etc.

In android 6.0 the app asks for permission when it need it. so if the app wan’t to send an Email. It will pop up and ask to use the phones Email funktion. When/if that happens you can “not allow” it and the app wont be allowed to use it.

Just a Thought here but the Vita has a GPS and a nice screen and some of us have the 3G model, and the Vita can run some mobile games… Is there anyway Pokemon Go could be ported? or would it be extremely difficult to make a Homebrew that would be almost similar? Porting new mobile games to the Vita would be like knocking on the coffin and saying “hey it’s not your time!” lol

Archives

Disclaimer: Wololo.net is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com